Re: [Ietf-and-github] RobWilton review of draft-ietf-git-using-github-05

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 16 March 2020 11:49 UTC

From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Martin Thomson <mt@lowentropy.net>, The IESG <iesg@ietf.org>, "draft-ietf-git-using-github@ietf.org" <draft-ietf-git-using-github@ietf.org>
CC: "ietf-and-github@ietf.org" <ietf-and-github@ietf.org>, "git-chairs@ietf.org" <git-chairs@ietf.org>, Christopher Wood <caw@heapingbits.net>
Date: Mon, 16 Mar 2020 11:49:25 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/9Q7lfy5vw4UGoPoE_dBLP61lnJo>

Hi Martin,

> -----Original Message-----
> From: Martin Thomson <mt@lowentropy.net>
> Sent: 16 March 2020 04:12
> To: Rob Wilton (rwilton) <rwilton@cisco.com>; The IESG <iesg@ietf.org>;
> draft-ietf-git-using-github@ietf.org
> Cc: ietf-and-github@ietf.org; git-chairs@ietf.org; Christopher Wood
> <caw@heapingbits.net>
> Subject: Re: RobWilton review of draft-ietf-git-using-github-05
> 
> On Fri, Mar 13, 2020, at 23:03, Rob Wilton (rwilton) wrote:
> >   I personally think that having a
> > > backup is sensible.  At the same time, having a single account with
> > > access to many repositories is a bit scary.
> > [RW]
> > Hum yes, maybe having the Secretariat on all WGs is not a good choice.
> > Perhaps we should say that all ADs for the area should be owners
> > rather than just the responsible AD, and there must always be a
> > minimum of 2 owners?  So, for the general area perhaps it would be the
> > AD and the Secretariat?
> >
> > Obviously this would need to be aligned with the config draft.
> 
> I will raise the question with the WG, as it is not limited to this draft.
> The -configuration draft has a broader net that includes the responsible
> AD, the ADs for the area, and the secretariat.
[RW] 
Thanks.


> 
> > [RW]
> > My concern is less about losing the data (since that is being backed
> > up), but more about losing control of an account/organization that is
> > under the IETF's name.  I'm not sure what policies Github has for
> > recovering an account/organisation that one loses control over, but
> > I'm sure it would be hassle, and embarrassing.
> 
> I'm sure that the process is torturous.  I tagged some text on to other
> changes I'm making.  See
> https://github.com/ietf-gitwg/using-github/pull/52/commits/302feb524c457f10a3fea21dcee140bd5dc6218e
[RW] 

This looks along the right lines to me.  I would suggest adding "users" to the list of folks who should use best security practices, but happy to leave this to your discretion.



> 
> > FWIW: It is this sort of article that I am concerned about:
> > https://nakedsecurity.sophos.com/2019/03/25/thousands-of-coders-are-leaving-their-crown-jewels-exposed-on-github/
> >
> > Some of the contributors to IETF will be quite new to git/github etc,
> > so really it is about warning them about stuff they should be careful
> > to avoid.  Even a sentence or two in the security considerations might
> > help.
> 
> I think that this is a question of scope.  Personally, I think that's
> going a little outside the remit of the draft.  And I'd rather attack this
> particular problem with tools.
[RW] 

I agree that tooling is the best solution to this.

I think that tooling, in addition to the paragraph that you linked to above, is enough for me.


> 
> > FWIW, it is this sort of issue that I am concerned about:
> > https://networkengineering.stackexchange.com/questions/44010/is-ipv10-a-joke-or-a-serious-rfc-draft
> 
> Ah, that old problem. :/
> 
> I don't think that we can help with that, other than avoiding paving the
> path to having something look official.  We've talked about having tools
> like xml2rfc produce different styling for individual drafts than is used
> for presenting "official" content on IETF-controlled servers.  That might
> help, though things progress very slowly on this front.
[RW] 

I agree.

Thanks for incorporating my review comments.

Regards,
Rob